
2839 matches found

CNNVD
added 2023/09/27 12:00 a.m. · 2 views

LG Mobile Security Breach

LG mobile is a series of mobile device products from South Korea's Luckin LG. A security vulnerability exists in LG Mobile. An attacker could use this vulnerability to change the file access mode to globally readable and globally writable...

CVSS 7.8 · AI score 6.7 · EPSS 0.00098
Exploits 0 · References 2

Positive Technologies
added 2023/09/18 12:00 a.m. · 4 views

PT-2023-24653 · Spring · Spring Security

Name of the Vulnerable Software and Affected Versions: Spring Security versions prior to 5.8.7 Spring Security versions prior to 6.0.7 Spring Security versions prior to 6.1.4 Spring Security versions prior to 6.2.0-M1 Description: The spring-security.xsd file inside the spring-security-config jar...

CVSS 5.5 · AI score 8.9 · EPSS 0.00216
Exploits 0 · References 11

ATTACKERKB
added 2023/09/11 8:15 a.m. · 3 views

CVE-2023-35845

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...

CVSS 4.7 · AI score 5.4 · EPSS 0.00115
Exploits 1 · References 2

NVD
added 2023/09/11 8:15 a.m. · 19 views

CVE-2023-35845

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...

CVSS 4.7 · AI score 4.7 · EPSS 0.00115
Exploits 1 · References 1

Prion
added 2023/09/11 8:15 a.m. · 18 views

Code injection

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...

CVSS 1 · AI score 4.8 · EPSS 0.00115
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2023/09/11 12:00 a.m. · 5 views

PT-2023-6499 · Anaconda · Miniconda +1

Name of the Vulnerable Software and Affected Versions: Anaconda 3 versions 2023.03-1-Linux Miniconda version not specified Description: The issue allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many...

CVSS 9.8 · AI score 7.4 · EPSS 0.78483
Exploits 7 · References 12

Cvelist
added 2023/09/11 12:00 a.m. · 24 views

CVE-2023-35845

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...

AI score 4.9 · EPSS 0.00115
Exploits 1 · References 1

ATTACKERKB
added 2023/08/03 3:15 p.m. · 7 views

CVE-2023-25600

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...

CVSS 7.1 · AI score 5.9 · EPSS 0.00187
Exploits 0 · References 3

SUSE CVE
added 2023/08/03 2:07 a.m. · 2 views

SUSE CVE-2023-4052

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow...

CVSS 6.5 · AI score 7.8 · EPSS 0.00581
Exploits 0 · References 8

Tenable Nessus
added 2023/08/03 12:00 a.m. · 25 views

SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:3163-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3163-1 advisory. This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR...

CVSS 9.8 · AI score 7 · EPSS 0.13694
Exploits 1 · References 25

OSV
added 2023/08/01 3:15 p.m. · 3 views

CVE-2023-4052

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow...

CVSS 6.5 · AI score 7.4 · EPSS 0.00581
Exploits 0 · References 4

OSV
added 2023/08/01 3:15 p.m. · 2 views

UBUNTU-CVE-2023-4052

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow...

CVSS 6.5 · AI score 7.2 · EPSS 0.00581
Exploits 0 · References 5

Cvelist
added 2023/07/24 5:06 p.m. · 32 views

CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

CVSS 7 · AI score 8.8 · EPSS 0.00323
Exploits 0 · References 1

OSV
added 2023/07/20 6:15 p.m. · 4 views

CVE-2023-31462

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges...

CVSS 8.8 · AI score 6.2 · EPSS 0.00918
Exploits 1 · References 2

Prion
added 2023/07/20 6:15 p.m. · 20 views

Code injection

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges...

CVSS 6.5 · AI score 8.8 · EPSS 0.00918
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2023/07/20 12:00 a.m. · 3 views

SteelSeries GG Security Vulnerability

SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into one easy-to-use interface. SteelSeries GG version 36.0.0 contains a security vulnerability that can be exploited by an attacker to change values in an unencrypted database...

CVSS 8.8 · AI score 8.5 · EPSS 0.00918
Exploits 1 · References 3

Positive Technologies
added 2023/07/20 12:00 a.m. · 3 views

PT-2023-23344 · Steelseries · Steelseries Gg

Name of the Vulnerable Software and Affected Versions: SteelSeries GG version 36.0.0 Description: An issue allows an attacker to change values in an unencrypted database that is writable for all users on the computer. This can trigger code execution with higher privileges. Recommendations: For...

CVSS 8.8 · AI score 7.4 · EPSS 0.00918
Exploits 1 · References 5

SUSE CVE
added 2023/05/31 11:21 p.m. · 1 views

SUSE CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

CVSS 5.3 · AI score 6.5 · EPSS 0.00192
Exploits 0 · References 3

Amazon
added 2023/05/31 12:00 a.m. · 5 views

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not...

CVSS 7.8 · AI score 6.8 · EPSS 0.00457
Exploits 2

RedhatCVE
added 2023/05/30 1:40 p.m. · 38 views

CVE-2023-34204

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...

CVSS 4.4 · AI score 6.8 · EPSS 0.00625
Exploits 1 · References 3